Troubleshooting Jira Cloud API Authentication: 401 Error

Hey everyone, I’m stuck with a Jira Cloud API problem. I’m building an Atlassian Connect app and can’t get the authentication to work. Every time I try to make a request to the API, I get a 401 Unauthorized error. It’s driving me crazy!

I’ve set up my Node.js app with TypeScript. I’m using the atlassian-jwt library to create JWT tokens for each request. I’ve double-checked all the basics:

  • My clientKey and sharedSecret are correct
  • The baseUrl points to my Jira Cloud instance
  • I’m only using the relative path for the qsh claim
  • The JWT looks good when I decode it
  • My server’s clock is synced

Here’s a simplified version of my code:

import * as jwt from 'custom-jwt-lib';

async function makeJiraRequest() {
  const token = jwt.create({
    iss: clientKey,
    iat: Date.now() / 1000,
    exp: (Date.now() / 1000) + 180,
    qsh: jwt.createHash('/api/2/issue/TEST-123')
  }, sharedSecret);

  const response = await fetch('https://mycompany.atlassian.net/rest/api/2/issue/TEST-123', {
    headers: {
      'Authorization': `JWT ${token}`,
      'Accept': 'application/json'
    }
  });

  if (response.status === 401) {
    console.error('Auth failed again!');
  }
}

Am I missing something obvious? Any ideas on what else I should check? Thanks for any help!

hey jack, have u tried using postman to test ur api calls? it can help isolate if the problem is in ur code or with the api itself. also, double-check ur app’s scopes in the atlassian marketplace listing. sometimes the 401 error is actually a scope issue in disguise. good luck mate!

I’ve been down this road before, and it can be incredibly frustrating. One thing that caught me out when I was setting up Jira Cloud API authentication was the expiration time. In your code, you’re setting the exp claim to 180 seconds from now, which is actually quite long. Jira tends to be pretty strict about token expiration.

Try reducing the expiration time to something shorter, like 30 seconds. Also, make sure your server’s clock is precisely synchronized with a reliable NTP server. Even a few seconds of drift can cause authentication failures.

Another potential issue could be with the qsh claim. Double-check that you’re using the correct HTTP method in your hash calculation. If you’re using GET for this request, make sure your qsh reflects that.

Lastly, have you verified that your app is properly installed and authorized in your Jira instance? Sometimes the issue lies not in the code, but in the app’s installation or permissions. It might be worth uninstalling and reinstalling your app in Jira to rule this out.

If none of these solve it, you might want to try using Atlassian’s API explorer to generate a valid request and compare it with yours. Good luck!
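The qsh check suggested in the reply above, as an added example that is not part of the thread or of any Atlassian library: it builds the canonical request (`METHOD&path&query`) that Atlassian's Connect JWT documentation describes, hashes it, and signs an HS256 token with Node's built-in `crypto`. The function names, the issuer and the shared secret are constructed placeholders; the URL is the one from the question.

```typescript
import { createHash, createHmac } from 'crypto';

// Percent-encode per RFC 3986 (encodeURIComponent leaves !'()* unescaped).
const enc = (s: string): string =>
  encodeURIComponent(s).replace(/[!'()*]/g, c => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Canonical request: METHOD&path&query. The path is taken relative to baseUrl,
// parameters are sorted by encoded name, repeated values are joined with ',',
// and the 'jwt' parameter itself is left out.
function canonicalRequest(method: string, url: string, baseUrl: string): string {
  const u = new URL(url);
  const basePath = new URL(baseUrl).pathname.replace(/\/$/, '');
  const underBase = (u.pathname + '/').indexOf(basePath + '/') === 0;
  let path = underBase ? u.pathname.slice(basePath.length) : u.pathname;
  path = path.replace(/\/$/, '').replace(/&/g, '%26') || '/';
  const params: Record<string, string[]> = Object.create(null);
  u.searchParams.forEach((value, name) => {
    if (name === 'jwt') return;
    (params[enc(name)] = params[enc(name)] || []).push(enc(value));
  });
  const query = Object.keys(params).sort()
    .map(k => k + '=' + params[k].sort().join(',')).join('&');
  return method.toUpperCase() + '&' + path + '&' + query;
}

function qsh(method: string, url: string, baseUrl: string): string {
  return createHash('sha256').update(canonicalRequest(method, url, baseUrl)).digest('hex');
}

const b64url = (b: Buffer): string =>
  b.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// HS256 JWT carrying the qsh; iat/exp are whole seconds, 180 s lifetime as in the post.
function signRequestJwt(issuer: string, secret: string, method: string,
                        url: string, baseUrl: string, nowMs: number = Date.now()): string {
  const iat = Math.floor(nowMs / 1000);
  const claims = { iss: issuer, iat, exp: iat + 180, qsh: qsh(method, url, baseUrl) };
  const head = b64url(Buffer.from(JSON.stringify({ typ: 'JWT', alg: 'HS256' })));
  const body = b64url(Buffer.from(JSON.stringify(claims)));
  const sig = createHmac('sha256', secret).update(head + '.' + body).digest();
  return head + '.' + body + '.' + b64url(sig);
}

// Constructed sample values; the URL is the one from the question.
const BASE_URL = 'https://mycompany.atlassian.net';
const ISSUE_URL = BASE_URL + '/rest/api/2/issue/TEST-123';
console.log(canonicalRequest('GET', ISSUE_URL, BASE_URL));
console.log(signRequestJwt('example-issuer', 'example-shared-secret', 'GET', ISSUE_URL, BASE_URL));
```

Printing the canonical string next to the decoded token makes it easy to compare the method, path and query that were hashed against the request that is actually sent.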

Have you considered using the Atlassian SDK for authentication instead of manually crafting JWT tokens? It’s designed to handle a lot of the intricacies of Jira Cloud authentication out of the box.

I ran into similar issues and switching to the SDK solved most of my problems. It handles token generation, expiration, and request signing automatically. You’d just need to configure it with your app details and it takes care of the rest.

If you prefer to stick with your current approach, double-check your clientKey. Make sure it matches exactly with what’s listed in your app’s descriptor file. Even a slight mismatch can cause 401 errors.

Also, verify that your app has the necessary scopes for the API endpoints you’re trying to access. Insufficient permissions can sometimes manifest as authentication errors rather than permission denied errors.

Lastly, try logging the full request headers and body you’re sending. Compare them with the expected format in Atlassian’s documentation. Sometimes the devil is in the details.